Operational resilience was the topic of discussion during ReliabilityFirst’s monthly Technical Talk with RF on Monday.

Bheshaj Krishnappa, program manager of risk and resiliency for ReliabilityFirst, focused his presentation on why resilience should matter to stakeholders, highlighting traditional risk management versus resilience and its limitations.

The Global Risks Interconnections Map titled “Systems Thinking in a Connected World” shows societal impacts like cyberattacks, social instability and national governance failure as having less impact on risks but are becoming more permanent as “disruptors.” | ReliabilityFirst

Krishnappa said operational resilience is an indicator of a company’s preparedness during challenging times, and ReliabilityFirst is working on identifying factors to increase resilience and create awareness among its stakeholders. He said one of the most important efforts is ReliabilityFirst’s tool characterizing the operational resilience of a stakeholder’s bulk power system infrastructure to cyberattacks.

Traditional risk management is centered around how to reduce risk, rather than looking at enhancing the ability to deal with systemic risk, Krishnappa said. It is important to recognize that all risks cannot be identified or anticipated across all areas, and quantifying risks is a “very big challenge,” he said.

“Until we quantify risk, we are not in a position to handle it adequately,” Krishnappa said.

Krishnappa spoke about the proliferation of black swan events, which used to be rare but are now increasing in frequency. He cited extreme weather conditions causing problems, including record-high temperatures in California that reached as high as 130 degrees Fahrenheit, leading to rolling blackouts across the state.

The World Economic Forum Global Risks Report 2020 plotted infectious diseases as a “less likely” risk. The information was plotted before the emergence of COVID-19. | ReliabilityFirst

The effects of the COVID-19 pandemic and lockdowns have also given pause to planning for risk management, Krishnappa said, with few people being able to accurately predict the impacts the pandemic would have on society and business. He said ReliabilityFirst also continues to deal with physical and cyberattacks on infrastructure.

Krishnappa pointed to a passage from the International Risk Governance Center’s 2020 Critical Infrastructure Resilience: Lessons from Insurance policy paper to emphasize his points: “Resilience enhances the risk management toolkit in several aspects and may lead to higher safety and security, in particular in a complex, interconnected risk landscape. We consider resilience-based strategies as an answer to systemic risk in a complex risk landscape.”

The “R4 Framework” of ReliabilityFirst includes “robustness,” “redundancy,” “resourcefulness” and “rapidity.” | ReliabilityFirst

To highlight the complexities of planning for risks, Krishnappa included a graph from the World Economic Forum’s Global Risks Perception survey from 2019 that plotted the most dire perceived risks. He said infectious diseases was placed as one of the least likely risks, while extreme weather and natural disasters were considered more likely.

Krishnappa said the graph would probably change today with infectious diseases moving to the high likelihood category.

“This shows us that the quantification and identification of risks is difficult,” Krishnappa said.

ReliabilityFirst’s focus is on facilitating conversations with stakeholders on resilience indicators, Krishnappa said, including where they stand on risks, what their posture is and what are the areas of improvement. He said it seeks to foster “healthy internal discussions.”

“It is important to continually assess the current resilience posture — where I am, where I need to go — which motivates stakeholders to take relevant measures,” Krishnappa said. “Sometimes we are so focused on creating the best solution that we forget that the problem itself might change.”